We decided to dedicate our June edition to a very current and recurring topic: Ransomware and Vulnerability Management. During the COVID pandemic, the ransomware industry was more powerful than ever. That’s why it’s so crucial to understand how ransomware and malware threaten us every day, and also how to prevent or secure the vulnerabilities of our systems. We prepared ten quality articles that will help you recognize and protect yourself from those threats. Let’s dive into it!
We start off with Ransomware Redux, in which you’ll learn what ransomware is, how to prevent ransomware attacks, and what the Colonial Pipeline case was. Then we move on to Ransomware and Phishing, in which the author explains why ransomware is so dangerous and how phishing can be leveraged to deploy such attacks.
Later on, in Project Indigo Brick. New Pathways in Data Handling, you’ll explore the landscape of problems that arise from ransomware, and you’ll also learn about the newest solution for securing your data from such attacks.
In Introduction to Vulnerability Management. How to Perform an Effective Vulnerability Management, you’ll learn how important the role of effective vulnerability management is and what the best vulnerability analysis tools are. If you’re more interested in Android security, we suggest you take a look at Simple Android Ransomware and Mrs. Major Virus, in which the author explains the characteristics of a simple Android ransomware attack (SARA) and presents how to use the Mrs. Major virus.
Later on, in Ransomware (Trojan Horse) Attacks Could Have Been Predicted Back in 1987 by Reading the Department of Defense’s Orange Book, the author explains how the Department of Defense’s Rainbow Series for information security is still relevant and how Trojan horse attacks on Windows could have been predicted by the Orange Book due to Windows’ discretionary access control.
If you prefer more analytical articles, you may want to take a look at The Darkside Ransomware Sample Analysis, Part 1, in which the author analyses a ransomware sample using REMnux.
But there’s more! We also prepared articles touching on malware, password cracking, and mobile security, so everyone can find something for themselves.
We hope you’ll enjoy reading this issue as much as we enjoyed creating it. We would also like to thank our contributors, reviewers and proofreaders, without whom this edition wouldn’t have been possible.
Stay safe and enjoy!
Hakin9 Editorial Team
Table of Contents
Ransomware Redux
As humanity (in its billions) marches forwards in its relentless race to break new technology frontiers and mankind revels in its fruits with gadgets galore and more toys than we will ever have the time to play with, a blue-collar industry has come into existence of modern-day burglars, pirates, and highwaymen. As we can see clearly now, the ransomware threat is not going away anytime soon. Quite the opposite is to be expected. As long as there are pliable targets (such as Colonial) all too ready to part with the cash after the event rather than invest in better training and threat monitoring and due diligence before the attack, there will remain an army of ready and able actors to continue this trend.
Ransomware and Phishing
In this article, we will be talking about ransomware, what it is, why it’s so dangerous, and how phishing can be leveraged to deploy this attack. We will also be discussing why phishing emails are so effective, breaking down real phishing emails and going over some tips to help prevent an attack.
Project Indigo Brick. New Pathways in Data Handling
In this article, we will not only explore the landscape of the problem that arises from ransomware attacks, but also some patent pending software we have created that we believe can make a global difference in this fight and secure our data with a new, dynamic solution. What is this solution, you ask? It’s called Project Indigo Brick.
Introduction to Vulnerability Management. How to Perform Effective Vulnerability Management
Joas Antonio dos Santos, William dos Santos Barbosa
Vulnerability Management is one of the most important processes that an organization can have, being necessary especially nowadays with cyber attacks being common and part of the daily life of many companies. However, vulnerability management is not something that is easy to implement, that is, it is not enough to have a vulnerability analysis tool and think that this alone is enough. But what is needed to implement effective vulnerability management?
Simple Android Ransomware and Mrs. Major Virus
Malware is malicious software made to cause harm to a computer user. Malware is commonly used by hackers to spy on users or steal their data to blackmail them or sell that data to the highest bidder on the dark web. Malware can also be used to destroy complete systems. Some common types of malware are viruses, worms, ransomware, Trojans, spyware, adware, and botnets. In this article, I am going to demonstrate two types of malware: SARA and the Mrs. Major virus.
Ransomware (Trojan Horse) Attacks Could Have Been Predicted Back in 1987 by Reading the Department of Defense’s Orange Book
Paul F. Renda
This article argues that the Department of Defense rainbow series of books for information security is still relevant today for informing the expertise of information security professionals. This Rainbow series is composed of 27 Department of Defense books for information security hence the rainbow series. One book in particular, the orange book, is still being used as a reference for security. The orange book may seem ancient, but the Chinese have used it to classify their new desktop operating system.
Demystifying Malware - an Entry Level Introduction to Malware for Dummies
Ransomware, according to Trend Micro (2018), is a type of virus that prevents users from using their computers entirely and, in the most recent cases, encrypts all of the files on the computer. The encryption method of a ransomware works by encoding the documents of the framework by a wide range of strategies. To recover the information, the client needs to get a decoding key, which they may get once the transfer of money to the attacker is completed by the client. However, the attacker may not give a decryption key to the user at all.
Your Mobile, Your Data. Please Secure Them
Ammar Abdulateef Almulhim, Johara Abdulrahman Aljarri, Ziad Ibrahim Alomair
My mobile was hacked, my social media account compromised, or my mobile data lost. These are all complaints heard frequently from normal mobile users. Cybercrimes are increasing day after day, especially nowadays with the increased dependency on mobile phones to surf the internet, listen to music, check emails, post on social media, shop online or even pay using mobiles. With this increase in dependency, attackers and malware are becoming more sophisticated targeting mobile end users.
The Darkside Ransomware Sample Analysis, Part 1
Last May, the USA saw the Colonial Pipeline under a ransomware attack. Fuel distribution was affected, causing long lines of cars across the east coast. JBS, a meat distributor, has been attacked as well as the Sky Lakes Medical Center in Klamath Falls, Oregon. This article is focused on forensics analysis of the ransomware and not about the political pattern of these attacks. We know that these attacks spawned damages, stopping crucial services around the world (not only in the USA).
Cracking WPA2 Wireless Passwords – The HCX way
Dr. Akashdeep Bhardwaj, Keshav Kaushik, Varun Sapra
Cracking WPA2 wireless network passwords has been following roughly the same process for many years. This meant kicking someone off the wireless network and waiting for them to re-connect. Instead of depending on intercepting the dual communications between wireless systems and devices, when attempting to crack the Wifi access passcode, the authors propose a new methodology which can be adopted by cyber attackers to interact directly with the vulnerable wireless access point and crack the access code. This new wireless attack process involves less interaction and information gathering as compared to the old ways of WPA2 passcode cracking.